Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Tipsandtricks-hq Security Vulnerabilities

cve
cve

CVE-2024-6072

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1CVSS

5.9AI Score

0.0005EPSS

2024-07-15 06:15 AM
26
cve
cve

CVE-2024-6073

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS

5.8AI Score

0.0005EPSS

2024-07-15 06:15 AM
27
cve
cve

CVE-2024-6074

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS

5.8AI Score

0.0005EPSS

2024-07-15 06:15 AM
27
cve
cve

CVE-2024-6075

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

8.8CVSS

6.5AI Score

0.001EPSS

2024-07-15 06:15 AM
27
cve
cve

CVE-2024-6076

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1CVSS

5.8AI Score

0.0005EPSS

2024-07-15 06:15 AM
29
cve
cve

CVE-2024-6133

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.5CVSS

8.6AI Score

0.0004EPSS

2024-08-12 01:38 PM
24
cve
cve

CVE-2024-6136

The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

5.4CVSS

9.4AI Score

0.0004EPSS

2024-08-12 01:38 PM
30
cve
cve

CVE-2024-7353

The Accept Stripe Payments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's accept_stripe_payment_ng shortcode in all versions up to, and including, 2.0.86 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

5.4CVSS

5.1AI Score

0.0004EPSS

2024-08-07 12:15 PM
8
Total number of security vulnerabilities58